Posted
by
Soulskillon Friday December 31, 2010 @03:24PM
from the matter-of-time dept.

broggyr writes "Seems it didn't take long to hack the Windows Phone 7 marketplace. Quoting WPCentral: 'For developers, the weakness in Microsoft's DRM for Windows Phone 7 applications has been well known for quite some time, and there have been calls for Microsoft to address these concerns ... Since then, a "white hat" developer has provided WPCentral with a proof-of-concept program that can successfully pull any application from the Marketplace, remove the security and deploy to an unlocked Windows Phone with literally a push of a button. Alternatively, you could just save the cracked XAP file to your hard drive. Neither the app nor the methodology is public, and it will NOT be released ... It is important to note that this was all done within six hours by one developer.'"

You should know better that to use such a weak command on good 'ol MK. Try this:

"Oh uncool bush! Unloose this passle
Of furry cats that you hassle!
Tho' by speed my brain's destroyed,
I'm not half this paranoid!
So cease this bummer, down the freak-out,
Let caps and joints cause brains to leak out!
These cats are groovy here among us,
So leave 'em be, you up-tight fungus!"

Either that or just call his mom and tell him to come upstairs for a while.

>>>Has anyone really been far even as decided to use even go want to do look more like?

Oh leally? Well somebody set up us the bomb. We get signal. Main screen tuln on. All youl base are belong to us. What you say !! You have no chance to sulvive make youl time. Ha Ha! Take off every 'ZIG cause you know what you doing fol great justice - move ZIG.

And fulthemore:ALL BASES OF CATS WERE DESTROYED.IT SEEMS TO BE PEACEFUL. BUT IT IS INCORRECT.CATS IS STILL ALIVE. ZIG-01 MUST FIGHT AGAIN.(game re

Neither the app nor the methodology is public, and it will NOT be released

Until / unless sufficient cash has been offered to the developer...

Apparently, this weakness was pointed out months ago (according to comments in TFA). The black hats probably all have it if they want it, so the associated monetary value for such an exploit is probably low and falling.

For piracy-related weaknesses, I suspect that the monetary value will never be all that high.

To go by the PC experience, there are basically two motives behind cracking DRM on programs: You have the warez scene guys, who do it for the interest and the bragging rights, and tend to produce working(but in no way intended to look uncracked, particularly in areas like the installer, which will often be coated in the livery and distinctive symbols of the group that cracked it) releases that quickly get torrented around and make nobody any money worth noting. Second, you have the more professional set who(sometimes independently, sometimes piggibacking on the efforts of the first group) produce functioning cracked versions, intended to look as legitimate as possible(no flaming skull ascii art in the documentation...), mostly of expensive professional programs, for sale to the unsuspecting or unsophisticated as suspiciously cheap, but hardly free, "OEM" software.

Unless Windows Phone substantially differs from the iPhone or Android, and actually features a lot of available expensive pro stuff, the second group will be largely unmotivated(also, since MS controls the official market, it will be very difficult to fool n00bs into thinking that your cracked copy is a "real" version, even if sideloading is trivial). The first group might spring up, if the Windows Phone market becomes large enough to provide a pool of interested hackers; but(perversely) the sheer ease of cracking, at the present time, will likely bore them. Somebody will probably release a sideloader utility, at some point; but an active warez scene like that of the PC seems less likely, and an active "fake legitimate" scene seems less likely still.

Neither the app nor the methodology is public, and it will NOT be released

Kind of selfish, why should the only other owner of a Windows Phone 7 have to pay for their apps?

Okay, I chuckled, but there's an interesting point here:

This is a good opportunity to validate the argument that Windows' popularity is what makes it so prone to attack. Given that Windows Phone 7 is a minor player in the mobile market, it should be exploited significantly less[*] than Android and IOS, for example. Let's keep an eye on this and see whether that hypothesis is borne out....

--------------
[*] For the sake of this experiment, let's postulate that 'less' means a smaller number of exploits overal

Not exactly a disaster, but now customers must upgrade to the next tier & pay almost twice as much to get the same "unlimited texts" benefit. I don't buy Virgin's excuse that they were losing money on the $15 Texting plan. Texts cost practically nothing.

2000 messages/month of "practially nothing" adds up, and I'm getting plenty of months like that when some "consultant" misconfigures my old, documented, robust alert system and just goes ahead and "turns on everything, to debug". Then everry single one of dozens or hundreds or even thousands of systems starts sending distinct alerts, because they've sidetracked my very careful hierarchy of "if this alert happens, it means the VPN is down:

Yes TEXTING does cost practically nothing. "When phones are on and waiting for a phone call or any type of data retrieval, they are ALWAYS connected to the cell phone tower. The phones and cell phone towers exchange little packets worth of information back and forth so when ever a call comes it, they can find you straight away. Can anyone guess how big the packets are that are sent between cell and tower? If you guess 160 characters, you are right." In other words they are charging for a service that s

Which has nothing to do with my original point:
- VirginMobile claimed to be losing money on the $15 unlimited texting plan, so they eliminated it. But if texting costs nothing, then Virgin lost nothing. They were lying.

Should be free? Because SMSCs cost nothing to implement and run, amirite? And the storage for the text messages is free amirite? Definitely the backhaul getting the text messages from point A to point B for transmission is free.

Text messages aren't free just because you say so. There's a very real cost associated, and one that someone has to pay for (like, I don't know, the customer). Whether the text message costs too much, well that's a different story. Considering I can flick 5000 text messages fo

When you send a text message, it first goes to your friendly neighbourhood SMSC. The SMC then polls the home location register (pre-existing infrastructure) for the location of the recipient's phone. When it gets a valid response, it sends it to the address given by the HLR and forgets all about it. Then Verizon charges you over $14/MB for bandwidth. If you had smart phones with an app that made 300 baud modem noises, it would be a 4 second phone call.

Also, all of that equipment is still not free like commodore64_love claims. So there is a real cost involved. Especially when you consider the cost of the billing systems I explicitly didn't mention in my initial post.

Much less likely. Enforcing restrictions on the hardware itself(no tethering, only the carrier's shit-tastic navigation application gets access to the GPS hardware, that sort of thing) is common enough; but that doesn't change the fact that the carrier ultimately controls the network, and the network is substantially more sophisticated than it was back when people were Captain Crunching their way past payphones...(also, unlike payphones, most users are now tied to a unique SIM, or CDMA equivalent, rather th

I have two WP7 apps in the Marketplace, and I don't see this as a disaster, for several reasons: (1) I think it will help Windows Phones get a reputation as a homebrew-capable platform, which will help it build street cred; (2) Microsoft will certainly respond to each of these hacks with counter-measures (and actually the author of this very hack suggested a technique to frustrate it); (3) if people are ripping off my apps, that must mean they really want them -- and it's a fair assumption that most people

(1) I think it will help Windows Phones get a reputation as a homebrew-capable platform, which will help it build street cred; (2) Microsoft will certainly respond to each of these hacks with counter-measures

Neither have been true of the iPhone, even though it's been jailbroken even before there were apps...

(3) if people are ripping off my apps, that must mean they really want them

That's the way I've always felt aout piracy. I don't think it represents many lost sales, if any, and in a way it can be good p

That's the way I've always felt aout piracy. I don't think it represents many lost sales, if any, and in a way it can be good publicity... although I have to say you underestimate the number of pirates that simply horde stuff instead of collecting just apps they want. But again, that's not a lost sale either....\

I'd mod you up if i could. There is definitely a class of "pirates" that are more like collectors than anything else... they just want to -have- it, not to -use- it. If it has a high retail price al

The ideal that most consumers want homebrew applications for any system is laughable. Yes there are people that want that but they're mainly developers and other tech people that take interest in that sort of thing. Everyone else just wants to steal software.

Take for instance systems that have been around awhile. The GBA only has 50 homebrew titles (maybe a few more that aren't on gbadev.org even if it is one of the main sites) Something newer like the Nintendo DS has approx 120 titles.

I think companies would turn a blind eye if the vast majority of people used these hacks for homebrew only because it sells more hardware and can lead to more software sales.

Not necessarily. Homebrew competes with legitimate sales of commercial games that use the same rules. Nintendo might argue for every copy of Lockjaw DS [pineight.com] that gets downloaded and installed on an R4, it can't sell a copy of Tetris DS. Or Sony: for every copy of gpSP [wikipedia.org] running Gleam [racketboy.com] or Luminesweeper [pineight.com], it can't sell a copy of Lumines or Lumines II.

I think homebrew will always be a niche though. Think about it Lockjaw is arguably taking sales now but they don't shut down homebrew sites.

They do go after some of the tools (like R4) because it allows people to pirate games. I think most people just graviate towards more popular things. Pop music is generally rubbish but sells well. Lockjaw may very well be a better version of Tetris but doesn't have the name and isn't as flashy and will lack any connection to the leader boards at nintendowifi.com.

Lockjaw may very well be a better version of Tetris but doesn't have the name and isn't as flashy and will lack any connection to the leader boards at nintendowifi.com.

If the homebrew dswifi library were more mature when Lockjaw was being developed, then it probably would have had its own (parallel) leaderboard. It did have a few high score threads on tetrisconcept.com though.

I think if a single person was outputting something that was beating a whole team's effort they'd get hired straight away

Really? Consider the story of Bob's Game [wikipedia.org]. And consider that some people can't be hired because they have family obligations in a state with no video game studios.

It's not that hard. There are several ways to do it (as are documented here [xda-developers.com]). It's not even a real crack, you need to have a developer account to even side-load the apps on the phone (you can use the chevron cert also, but if you do that, you need to be careful otherwise all the apps will be erased when you update). In that case you can only upload 10 apps max at a time.

This is the second slashdot article talking about a WP7 hack that wasn't really a hack. People are having trouble jailbreaking the thing, so we keep seeing articles about meaningless hacks as everyone wants to know when it is really jailbroken.

It doesn't matter in my eyes; if people are going to want to crack the DRM, they will, if they don't want to steal, they won't. Hey, if I wanted to, I can probably look up how to pirate iPhone apps somewhere on the internet. Pretend these apps were music files or computer games for a second. We have always called for less invasive DRM on both fronts so that people who will to steal the software and files still will do it and people who want to pay and enjoy the product have no trouble doing so. People will

Unlocked means that the phone has been registered to a developer account at the marketplace (and can run unsigned applications).So you either have a dev account (tied directly to your name/credit card), or you have jailbroken the phone with chevron WP7 (which requires a cert from their site which has been removed at the request of Microsoft).